• Save
Cyber Conflict
Upcoming SlideShare
Loading in...5
×
 

Cyber Conflict

on

  • 697 views

 

Statistics

Views

Total Views
697
Views on SlideShare
696
Embed Views
1

Actions

Likes
1
Downloads
0
Comments
0

1 Embed 1

http://www.slideshare.net 1

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Cyber Conflict Cyber Conflict Presentation Transcript

  • Stuck in the Middle February 2009 Jason Healey Cyber Conflict Studies Association Cyberconflict.org Yes I'm stuck in the middle with you, And I'm wondering what it is I should do, It's so hard to keep this smile from my face, Losing control, yeah, I'm all over the place, Clowns to the left of me, Jokers to the right, Here I am, stuck in the middle with you. From “Stuck in the Middle” Stealers Wheel, 1972
  • Page 2 About Cyber Conflict Studies Association Goal: begin a cross-discipline study of implications of strategic conflict in cyberspace • Symposium at Georgetown University last February: Can a cyber conflict be deterred? Lessons from Estonia • Previous symposia have been on law and cyber conflict, attribution of attacks, arms control, and visualization of cyber conflict, and deterrence of cyber conflict • Online “Journal of Cyber Conflict Studies” • Membership from government, academia, industry. Includes James Mulvenon, Paul Kurtz, Greg Rattray, Dorothy Denning, others • Sponsored by Norwich University
  • Page 3 Agenda • Why “Stuck in the Middle” • How can it happen? • How can you see it coming? • What can you do? • The Sleep Deprivers…
  • Page 4 Why “Stuck in the Middle” ? • We are all defending our own corners of cyberspace – But could be stuck in something larger • Can be caught because of a protest – World Economic Forum in 2002 • Or as part of a war – No, of course it won’t happen – But what will you do when it does?
  • Page 5 “Hactivists,” “Patriotic Hackers” and the Big Boys • Relation of physical and cyber troubles – Easier to cross borders with your protest in cyberspace – Less likely to be caught – Easy to organize – Anonymity means increased chances of bad behavior • Why did “Hacking = art” • Who started “patriotic hacking”? • Who is meanest? • What nations are best at harnessing it? • None of this is “cyberterror”
  • Page 6 You may be targeted because of • Bum luck – “Kosovo is Serbia” in 2000 – Caught in the middle: Manchester United, Adidas, viagra.com, jamesbond.com • The sector you are part of? – Caught in the middle: Finance, firebombings and beagles Secondary and tertiary targeting Are they just random hackers, or are they organized? Is another company behind it? Is another nation behind it?
  • Page 7 Secondary and Tertiary Targeting • "If you support or raise funds for any company connected with Huntingdon Life Sciences we will track you down, come for you and destroy your property with fire.“ – Animal Liberation Front (source: wikipedia, accessed 7 November 2008) • The physical dimension – Yacht club – Protests at insurers, shareholders, market makers – Executives targeted, attacked, property firebombed • The cyber dimension: – Email and DoS campaigns – Skip’s neighbors
  • Page 8 You may be targeted because of • A group you are associated with? – Caught in the middle? AIPAC • Choices of your company? – Caught in the middle? Carrefour Are they just random hackers, or are they organized? Is another company behind it? Is another nation behind it?
  • Page 9 You may be targeted because of "KFC's license is from America, an important Israeli ally. In consuming US products, it means that we give financial contributions to Israel's military strikes on the Palestinian people" Indonesian protest coordinator, January 2009 (Source: Hill and Associates from AFP, CAN, Viva News) • Perceived actions of your country? – Serbia, EP-3. Caught in the middle? The poorly protected… – Japan in 2001: history books from South Korea, visit to Yasukuni Caught in the middle? The poorly protected… – Who moved my statue? Caught in the middle? The whole online country Are they just random hackers, or are they organized? Is another company behind it? Is another nation behind it?
  • Page 10 You may be targeted because of • A real, no-kidding war – How could this happen here? – Unless you can make hard, unpalatable choices you may be in the middle Are they just random hackers, or are they organized? Is another company behind it? Is another nation behind it?
  • Page 11 This region is hactivist central • Long history of patriotic hacking in Asia – India Pakistan – China Taiwan – China Japan – South Korea Japan – China United States – China Olympic, Tibet protesters • The “China Ceiling”
  • Page 12 How to see it coming • Rule #1: Cyber follows, never precedes the physical • Rarely ever broken (so far) • You should find traces of this online with a good search process
  • Page 13 How to see it coming • Are you involved in an area likely to draw activists: – Israel/Palestine – China/Tibet and China/Taiwan – Russia/Baltics, Russia/Georgia – Serbia – Olympics – Environmental – Finance and globalization • Play “what if” on your CSR and business decisions • Develop your indicators
  • Page 14 How to see it coming • Your indicators, rate them 1 to 5 • As these get checked off, consider yourself warned. Attacks are getting closer: • Are activists mentioning our company or related topics? • Are there physical protests affecting our sector or related businesses? Increasing specificity and • For example, other companies in the same likelihood of line, other globalizing firms, or other Olympic you’re being attacked sponsors • Are there cyber protest attacks related to our business? • Are there cyber protest attacks against our sector? • Are there physical protests against our company? • Are we being specifically mentioned for cyber
  • Page 15 What to do if you’re targeted? • What to do if you’re a target depends on which category you fall in to – Bum-luck attacks are best for you as neither sophisticated nor persistent – Sector attacks will keep coming back But will hit your competitors too, ha ha – Company-specific attacks may be short, but very intense In rare cases (n=1?) they will be with you forever Country-specific may also be short, but has the worst consequences Are your standard defenses good enough? – WEF attacks of 2002
  • Page 16 The Sleep Deprivers • The old big things: – Olympics – Taiwan • The new big things: – Russia? – Collapsing Economies – Food?